AMENDMENTS TO THE CLAIMS 

Please amend claims 1 and 17 as indicated below. Please cancel claims 34-47. Please 
add new claim 48. 

1. (Currently Amended) A secure network configured to carry data, comprising: 
a plurality of network bubbles, each network bubble having a plurality of bubble 
partitions, 

each bubble partition having at least one network device configured to transmit and 
receive data, and 

all of the network devices corresponding to the same respective network bubble having at 
least one of the plurality of network bubbles have unrestricted network access with each other 
and the same network security policy; and 

a network control point having one or more network control point devices, a first network 
device of a first bubble being connected to the network control point through at least one 
network control point device and a second network device of a second bubble being connected to 
the network control point through at least one network control point device wherein the network 
control point applies the security policy of the first bubble to data for the first network device 
and the security policy of the second bubble to data for the second network device. 

a plurality of network control points, each network control point including one or more 
network control point devices having at least one interface, wherein each of the plurality of 
bubble partitions is connected to at least one network control point to form a bubble boundary, 
the network control point is used to provide a connection between any two network devices, and 
wherein at least one of the network control point devices is configured to enforce the network 
security policy of the network bubble that is connected to the network control point device. 




2. (Original) A secure network as defined in claim 1, further comprising a 
plurality of inter-bubble devices, each inter-bubble device is configured to connect at least two of 
the plurality of network bubbles to one another and to enforce the network security policy of 
each of the plurality of network bubbles that the inter-bubble device is connected to. 

3. (Original) A secure network as defined in claim 1, wherein each of the 
plurality of bubble partitions that belong to the same bubble has the same network security 
policy applied at each of the plurality of network control points that are connected to the plurality 
of bubble partitions. 

4. (Original) A secure network as defined in claim 1, wherein each of the 
plurality of bubble partitions has unrestricted network connectivity to all other bubble partitions 
within the same bubble. 

5. (Original) A secure network as defined in claim 1, wherein each of the 
plurality of bubble partitions is defined by an address range. 

6. (Original) A secure network as defined in claim 5, wherein each of the 
network devices in each of the plurality of bubble partitions has an address contained within the 
address range. 

7. (Original) A secure network as defined in claim 6, wherein each address 
exists in only one of the plurality of bubble partitions. 

8. (Original) A secure network as defined in claim 1, wherein each of the 
plurality of network control points ensures source address integrity at each bubble boundary. 

9. (Original) A secure network as defined in claim 1, wherein each of the 
plurality of bubble partitions is connected to at least two network control point devices to 
achieve high availability in the case of a failed interface or network control point device. 

10. (Original) A secure network as defined in claim 1, wherein data may be 
transmitted between two network devices in different bubble partitions of the same network 
bubble without restriction by the network bubble boundaries. 

11. (Original) A secure network as defined in claim 1, wherein the plurality of 
network control points are coupled to one another and form a virtual backbone that is external to 
all of the plurality of network bubbles. 

12. (Original) A secure network as defined in claim 11, wherein each of the 
plurality of network control points ensure source address integrity across the virtual backbone. 

13. (Original) A secure network as defined in claim 1, wherein each network 
device connects to only one network control point. 

14. (Original) A secure network as defined in claim 1, wherein the total number 
of network control points is greater than the number of network control points connected to any 
one particular bubble partition. 

15. (Original) A secure network as defined in claim 1, wherein all data 
transmitted from one network device to another network device traverses only one network 
control point. 

16. (Original) A secure network as defined in claim 1, wherein all data 
transmitted from one network device to another network device traverses only two network 
control points. 

17. (Currently Amended) A secure network configured to transmit data, comprising: 

a first and a second network bubble, each network bubble having a distinct network 
security policy and a plurality of bubble partitions, each bubble partition having a plurality of 
network devices having unrestricted network access with each other and configured to transmit 
and receive data; and 

a network control point having one or more network control point devices, a first network 
device of the first network bubble being connected to the network control point to which a 
second network device of the second bubble is also connected wherein the network control point 
device applies the distinct security policy of the first bubble to data for the first network device 
and the distinct security policy of the second bubble to data for the second network device. 

a plurality of network control points connecting the first network bubble to the second 
network bubble, each network control point having one or more network control point devices, 
each network control point device having at least one interface, wherein each bubble partition is 
connected to at least one and no more than two network control points to provide a connection 
between a network device in the first network bubble and a network device in the second 
network bubble, and wherein each one of the network control point devices is configured to 
enforce the network security policy of at least one of the network bubbles. 

18. (Original) A secure network as defined in claim 17, wherein all data 
transmitted from one network device in the first network bubble to another network device in the 
second network bubble traverses only one network control point. 

19. (Original) A secure network as defined in claim 17, wherein all data 
transmitted from one network device in the first network bubble to another network device in the 
second network bubble traverses only two network control points. 

20. (Original) A secure network as defined in claim 17, wherein all data 
transmitted from one network device in the first network bubble to another network device in the 
second network bubble traverses more than two network control points. 

21. (Original) A secure network as defined in claim 17, wherein the network 
control point enforces source integrity for all bubble partitions that are connected to it. 

22. (Original) A secure network as defined in claim 17, wherein each bubble 
partition connects to only one network control point. 

23. (Original) A secure network as defined in claim 17, further comprising an 
interbubble device configured to connect the first network bubble to the second network bubble 
and to enforce the network security policy of the first and second network bubble. 

24. (Original) A secure network as defined in claim 17, wherein each of the 
plurality of bubble partitions that belong to the same bubble has the same network security 
policy applied at each of the plurality of network control points that are connected to the plurality 
of bubble partitions. 

25. (Original) A secure network as defined in claim 17, wherein each of the 
plurality of bubble partitions has unrestricted network connectivity to all other bubble partitions 
within the same network bubble. 

26. (Original) A secure network as defined in claim 17, wherein each of the 
plurality of bubble partitions is connected to at least two network control point devices to 
achieve high availability in the case of a failed interface or network control point device. 

27. (Original) A secure network as defined in claim 17, wherein each of the 
plurality of bubble partitions is defined by an address range. 

28. (Original) A secure network as defined in claim 27, wherein each of the 
plurality of network devices in each of the plurality of bubble partitions has an address contained 
within the address range. 

29. (Original) A secure network as defined in claim 28, wherein each address 
exists in only one of the plurality of bubble partitions. 

30. (Original) A secure network as defined in claim 17, wherein data may be 
transmitted between two network control point devices in different bubble partitions of the same 
network bubble without restriction by the plurality of network control points. 

31. (Original) A secure network as defined in claim 17, wherein the plurality of 
network control points are coupled to one another and form a virtual backbone that is external to 
the first and the second network bubble. 

32. (Original) A secure network as defined in claim 31, wherein each of the 
plurality of network control points ensure source address integrity across the virtual backbone. 

33. (Previously Presented) A secure network as defined in claim 17, further 
comprising an interbubble device connected to the first network bubble and the second network 
bubble without being connected to the plurality of network control points and configured to 
enforce the network security policy of the first and the second network bubble. 

Claims 34-47. (Cancelled). 

48. (New) The secure network as defined in claim 1 wherein at least two of the plurality 
of bubble partitions associated with the first bubble are in different geographic locations, wherein 
each partition connects to a different network control point device which enforces the security 
policy of the first bubble for the devices in the respective partition. 